780009 - Update to NSS to version 3.13.6

Status: RESOLVED FIXED

(Core :: Security: PSM, defect)

Description

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

We need to do this on mozilla-aurora and mozilla-beta too, specifically to fix bug 634074 in those for Firefox 15 and 16. I'm filing this as a separate bug because the update also addresses other issues.

The beta release of NSS 3.13.6 is already in mozilla-central and we're going to give it another few days on mozilla-central to see if we get any bug reports regarding regressions, before we finalize the NSS 3.13.6 release. We'd like to land NSS 3.13.6 in -aurora and -beta next week as soon as we do that release.

Comment 1

[Lukas Blakk [:lsblakk] use ?needinfo]

The bug this is reported to be fixing has been around for over a year and a half.  I don't see what the reasoning is for rushing this through the branches instead of riding the trains.  Waiting another 12 weeks to get this out seems safe and allows us more time to evaluate regressions. Is there other reasoning we should be aware of here?

Comment 2

[Lukas Blakk [:lsblakk] use ?needinfo]

Also, comment 0 mentions that this is already in mozilla-central, can someone point to the landing/changeset for that?

Comment 3

[Wan-Teh Chang]

lsblakk: the mozilla-central landing changeset is
https://hg.mozilla.org/mozilla-central/rev/25ec9ccddcb5

(See bug 764393 comment 34.)

Comment 6

[Lukas Blakk [:lsblakk] use ?needinfo]

Tracked bugs this late in the release cycle need to have owners so picking Brian Smith (re-assign to another person if there's someone else who will deal with this bug).

Comment 7

[Jean-Marc Desperrier]

bug 634074 is a real PITA, and it has a number of duplicate like bug 664956, bug 479508, bug 764393 (which shows that Comodo is feeling the pain, the important thing here being that it's the Firefox users that first feel the pain, which then hits Comodo).

The long waiting shows how difficult it is to fight the inertia to get any NSS bug fixed (especially when told "just wait a bit, PKIX will fix this"), but *not* that the bug is insignificant. Whilst power users can work it around by forcing the connexion, it has been pushing a number of average users to switch to Chrome ever since it exist.

The NSS team should give a regression risk estimate, but IMO it would be very much worth it to try to get this in Aurora.

Comment 8

[Wan-Teh Chang]

NSS_3_13_6_RTM pushed to mozilla-inbound:
https://hg.mozilla.org/integration/mozilla-inbound/rev/30d68a18f933

Comment 9

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

Kai, I was not able to do the pushes to -aurora and -beta before I left on PTO. Honza is away for a month and I am away for a week. It would be great if you could drive this so that it lands in -aurora and -beta. Thanks.

Comment 10

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/mozilla-central/rev/30d68a18f933

Comment 11

[Kai Engert (:KaiE:)]

Attachment: placeholder patch

Comment 12

[Kai Engert (:KaiE:)]

Please either approve the patch, or just say in a comment "approved for aurora/beta". Thanks

Comment 13

[Lukas Blakk [:lsblakk] use ?needinfo]

Comment on attachment 651808 [details] [diff] [review]
placeholder patch

Approving for Aurora/Beta - please update the status for each once landed.  Thank you.

Comment 14

[Wan-Teh Chang]

Comment on attachment 651808 [details] [diff] [review]
placeholder patch

r=wtc.  Please remember to change security/coreconf/coreconf.dep. Thanks.

Comment 15

[Kai Engert (:KaiE:)]

http://hg.mozilla.org/releases/mozilla-aurora/rev/d343a687b8ee
http://hg.mozilla.org/releases/mozilla-beta/rev/77248c613062

Wan-Teh, thanks for the reminder.
Maybe we can get bug 782784 landed, reducing the likelyhood to forget in the future.